Forwarded From: William Knowles <erehwonat_private>
http://www.fcw.com/pubs/fcw/1999/0412/web-mike-04-14-99.html
(Federal Computer Week) [4.14.99] Do you have a microphone or video camera
connected to your computer or network? If you value your privacy, turn
those devices off, a top Army computer protection official warned today.
Philip Loranger, chief of the Command and Control Protect Division in the
Army's Information Assurance Office, demonstrated how anyone can attack a
network and turn on any camera or microphones connected to that network
with what he called "not very sophisticated hacker tools'' downloaded from
the Internet.
Loranger, who conducted an attack on a dial-up military network in
Columbia, Md., from an Association of U.S. Army Information Assurance
symposium in Falls Church, Va., said the .mil system he managed to
penetrate -- and whose identity he would not disclose -- did not have any
intrusion-detection system despite the spurt of recent publicity about an
increase in hacker attacks. Using "point and click'' hacker tools,
Loranger said he cracked three out of seven passwords on the system.
Once inside the network, Loranger said he then probed the network and
discovered a "read/write password file'' that allowed him to delete the
"super-user'' password, allowing him to create a super-user password for
himself, giving him free reign over the system. Loranger said this then
allowed him to search the system for any microphones or cameras connected
to it and then turned them on. "I can capture conversations and bring them
back to my own computer,'' Loranger said, "and I can turn on video cameras
and bring pictures back.''
The Army conducted this "white-hat attack'' after warning the target
facility to expect it, Loranger explained, but the lack of
intrusion-detection devices did not provide the system's users with any
warning "until I launched a denial-of-service attack and brought the
system down.''
Loranger said he conducted the demonstration to emphasize that hackers use
information warfare attacks to do more than just cripple computers or
steal information located on the network. The networks also can serve as
real-time windows into the physical world outside the network.
-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]